Prerequisites
Please set up the identity of your VM, as depicted in the following screen.
CLI
To create a new Auth Method that authenticates using Azure Active Directory credentials, run the following command in your terminal with the relevant parameters.
$ akeyless create-auth-method-azure-ad
Options:
Option | Description |
---|---|
-n, --name | Auth Method name |
--access-expires[=0] | Access expiration date in Unix timestamp (select 0 for access without expiry date) |
--bound-ips | A CIDR whitelist of the IPs that the access is restricted to |
--bound-tenant-id | The Azure tenant ID that the access is restricted to |
--issuer[=https://sts.windows.net/---bound_tenant_id---] | Issuer URL |
--jwks-uri[=https://login.microsoftonline.com/common/discovery/keys] | The URL to the JSON Web Key Set (JWKS) that contains the public keys that should be used to verify any JSON Web Token (JWT) issued by the authorization server |
--audience[=https://management.azure.com/] | The audience in the JWT |
--bound-spid | A list of service principal IDs that the access is restricted to |
--bound-group-id | A list of group IDs that the access is restricted to |
--bound-sub-id | A list of subscription IDs that the access is restricted to |
--bound-rg-id | A list of resource groups that the access is restricted to |
--bound-providers | A list of resource providers that the access is restricted to (e.g., Microsoft.Compute, Microsoft.ManagedIdentity, etc.) |
--bound-resource-types | A list of resource types that the access is restricted to (e.g., virtualMachines, userAssignedIdentities, etc.) |
--bound-resource-id | A list of resource names that the access is restricted to (e.g., a virtual machine name, scale set name, etc.). |
--bound-resource-names | A list of full resource IDs that the access is restricted to |
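
To see how the restrictions in the table narrow access, the following added Python illustration (not Akeyless code) checks a set of already-verified token claims against a few of the bound options. The claim names (tid, iss, aud, oid, xms_mirid) are standard Azure AD token claims; the mapping of each option to a claim, the requirement that every configured option must match, the fail-closed handling and the name check_bounds are assumptions made for this example.

```python
# Added illustration (not Akeyless code): models how the bound-* options
# narrow which Azure identities are accepted. Signature verification against
# the JWKS is assumed to have happened already; only claims are checked here.
import re

# Azure resource ID layout carried in a managed identity token's xms_mirid claim.
MIRID_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourcegroups/(?P<rg>[^/]+)"
    r"/providers/(?P<provider>[^/]+)/(?P<rtype>[^/]+)/(?P<name>[^/]+)$",
    re.IGNORECASE,
)

def check_bounds(claims, bounds):
    """Return the list of violated restrictions; an empty list means allowed."""
    violations = []
    tenant = bounds["bound_tenant_id"]
    # Defaults come from the options table; trailing-slash handling is an assumption.
    issuer = bounds.get("issuer", f"https://sts.windows.net/{tenant}")
    audience = bounds.get("audience", "https://management.azure.com/")
    if claims.get("tid") != tenant:
        violations.append("bound-tenant-id")
    if claims.get("iss", "").rstrip("/") != issuer.rstrip("/"):
        violations.append("issuer")
    if claims.get("aud") != audience:
        violations.append("audience")
    if bounds.get("bound_spid") and claims.get("oid") not in bounds["bound_spid"]:
        violations.append("bound-spid")
    m = MIRID_RE.match(claims.get("xms_mirid", ""))
    res = {k: v.lower() for k, v in m.groupdict().items()} if m else {}
    for flag, key in (("bound_sub_id", "sub"), ("bound_rg_id", "rg"),
                      ("bound_providers", "provider"), ("bound_resource_types", "rtype")):
        allowed = [v.lower() for v in bounds.get(flag, [])]
        # A restriction that is set but cannot be evaluated fails closed.
        if allowed and res.get(key) not in allowed:
            violations.append(flag.replace("_", "-"))
    return violations

# Constructed sample values, not real identifiers.
TENANT = "11111111-1111-1111-1111-111111111111"
SAMPLE_CLAIMS = {
    "tid": TENANT, "iss": f"https://sts.windows.net/{TENANT}/",
    "aud": "https://management.azure.com/",
    "oid": "22222222-2222-2222-2222-222222222222",
    "xms_mirid": "/subscriptions/33333333-3333-3333-3333-333333333333"
                 "/resourcegroups/prod-rg/providers/Microsoft.Compute/virtualMachines/app-vm-01",
}
```

An Auth Method bound only to the tenant accepts every identity in that tenant, so adding subscription, resource group and resource type restrictions is what limits access to the intended workloads.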
UI
To create new Azure Active Directory authentication credentials, go to the Auth Methods tab, click New, and select Azure AD.
For authentication with cloud-id please refer here.